{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T19:01:13Z","timestamp":1772046073148,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":43,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Huawei Research Fund"},{"name":"National Key R&D Program of China","award":["2021YFB2701000"],"award-info":[{"award-number":["2021YFB2701000"]}]},{"name":"Key R&D Program of Hubei Province","award":["2023BAB017"],"award-info":[{"award-number":["2023BAB017"]}]},{"name":"National NSF of China","award":["62302181"],"award-info":[{"award-number":["62302181"]}]},{"name":"Knowledge Innovation Program of Wuhan-Basic Research"},{"name":"HUSTCSE-FiberHome Joint Research Center for Network Security"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3690269","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"2326-2340","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["CanCal: Towards Real-time and Lightweight Ransomware Detection and Response in Industrial Environments"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3818-3343","authenticated-orcid":false,"given":"Shenao","family":"Wang","sequence":"first","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7091-2169","authenticated-orcid":false,"given":"Feng","family":"Dong","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5459-5458","authenticated-orcid":false,"given":"Hangfeng","family":"Yang","sequence":"additional","affiliation":[{"name":"Sangfor Technologies Inc., Shenzhen, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7311-9924","authenticated-orcid":false,"given":"Jingheng","family":"Xu","sequence":"additional","affiliation":[{"name":"Sangfor Technologies Inc., Shenzhen, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1100-8633","authenticated-orcid":false,"given":"Haoyu","family":"Wang","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24310"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2020.102753"},{"key":"e_1_3_2_1_3_1","unstructured":"Steve Alder. 2023. Ransomware Gangs Increasingly Exploiting 0Day and 1Day Vulnerabilities. https:\/\/www.hipaajournal.com\/ransomware-gangs-increasingly-exploiting-0day-and-1day-vulnerabilities\/."},{"key":"e_1_3_2_1_4_1","unstructured":"Kurt Baker. 2023. Fileless Malware Explained. https:\/\/www.crowdstrike.com\/cybersecurity-101\/malware\/fileless-malware\/."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2022.118299"},{"key":"e_1_3_2_1_6_1","unstructured":"Leo Breiman J. H. Friedman Richard A. Olshen and C. J. Stone. 1984. Classification and Regression Trees. Wadsworth."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2023.110138"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939785"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991110"},{"key":"e_1_3_2_1_10_1","unstructured":"Shannon Davis. 2022. An Empirically Comparative Analysis of Ransomware Binaries. https:\/\/www.splunk.com\/content\/dam\/splunk2\/en_us\/gated\/white-paper\/an-empirically-comparative-analysis-of-ransomware-binaries.pdf."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS59707.2023.10288691"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102659"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1214\/aos\/1013203451"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3240025"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.11.019"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2018.02.008"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3639090"},{"key":"e_1_3_2_1_18_1","volume-title":"25th USENIX Security Symposium, USENIX Security 16","author":"Kharraz Amin","year":"2016","unstructured":"Amin Kharraz, Sajjad Arshad, Collin Mulliner, William K. Robertson, and Engin Kirda. 2016. UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware. In 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10--12, 2016, Thorsten Holz and Stefan Savage (Eds.). USENIX Association, 757--772. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/kharaz"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--319--66332--6_5"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--319--20550--2_1"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3129676.3129713"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3616665"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/CCWC54503.2022.9720869"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/DASC\/PiCom\/DataCom\/CyberSciTec.2018.00124"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3-030-00470--5_6"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/CCC.2016.14"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3230833.3234691"},{"key":"e_1_3_2_1_28_1","unstructured":"Mosimilolu Odusanya. 2020. MITRE ATT&CK spotlight: Process injection. https:\/\/www.infosecinstitute.com\/resources\/mitre-attck\/mitre-attck-spotlight-process-injection\/."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3514229"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3268535"},{"key":"e_1_3_2_1_31_1","unstructured":"RiskOptics. 2021. Avoiding Cyber Security False Positives. https:\/\/reciprocity.com\/blog\/avoiding-cyber-security-false-positives\/."},{"key":"e_1_3_2_1_32_1","unstructured":"Nir Rosen Haim Elisha Ahmad Saleh Vadim Gechman and Sharon Mashhadi. 2023. Supercharge Ransomware Detection with AI-Enhanced Cybersecurity Solutions. https:\/\/developer.nvidia.com\/blog\/supercharge-ransomware-detection-with-ai-enhanced-cybersecurity-solutions\/."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2016.46"},{"key":"e_1_3_2_1_34_1","volume-title":"Rabih Mohsen, and Emil C. Lupu.","author":"Sgandurra Daniele","year":"2016","unstructured":"Daniele Sgandurra, Luis Mu noz-Gonz\u00e1lez, Rabih Mohsen, and Emil C. Lupu. 2016. Automated Dynamic Analysis of Ransomware: Benefits, Limitations and use for Detection. CoRR, Vol. abs\/1609.03020 (2016). showeprint[arXiv]1609.03020 http:\/\/arxiv.org\/abs\/1609.03020"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICACCI.2018.8554938"},{"key":"e_1_3_2_1_36_1","volume-title":"The State of Ransomware","year":"2023","unstructured":"Sophos. 2023. The State of Ransomware 2023. https:\/\/assets.sophos.com\/X24WTUEQ\/at\/c949g7693gsnjh9rb9gr8\/sophos-state-of-ransomware-2023-wp.pdf."},{"key":"e_1_3_2_1_37_1","volume-title":"The 15th Australian Joint Conference on Artificial Intelligence 2002, Proceedings Australasian Data Mining Workshop","author":"Steinberg Dan","year":"2002","unstructured":"Dan Steinberg, Mikhail Golovnya, and Nicholas Scott Cardell. 2002. Stochastic Gradient Boosting: An Introduction to TreeNet#8482;. In The 15th Australian Joint Conference on Artificial Intelligence 2002, Proceedings Australasian Data Mining Workshop, Canberra, Australia, 3rd December 2002, Simeon J. Simoff, Graham J. Williams, and Markus Hegland (Eds.). University of Technology Sydney, Australia, 1--12."},{"key":"e_1_3_2_1_38_1","volume-title":"Ransomware Payments Exceed 1 Billion","author":"Team Chainalysis","year":"2023","unstructured":"Chainalysis Team. 2024. Ransomware Payments Exceed 1 Billion in 2023, Hitting Record High After 2022 Decline. https:\/\/www.chainalysis.com\/blog\/ransomware-2024\/."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.3390\/app12010172"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.07.021"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.3390\/electronics11203307"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179372"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102691"}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690269","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3690269","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T06:22:01Z","timestamp":1755843721000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690269"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":43,"alternative-id":["10.1145\/3658644.3690269","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3690269","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}